proctool is a proof-of-concept tool implementing "Artifact Tracing via I/O Monitoring".
To learn more, check out the presentation and the demo.
- Nix

$ nix-shell
$ make install

$ nix-shell
$ make test

- Current implementation is based on strace. A high performance hit is expected. openat and execve are the only supported syscalls.
- No children of the surveilled process will be monitored after the death of its parent.
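The sketch below is an added example, not proctool's own code. It shows what artifact tracing limited to openat and execve yields from a strace log, assuming the line format written by `strace -f -o FILE` (PID prefix per line). The sample trace, the name `trace_artifacts`, and the choice to count O_RDWR opens as writes are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed `strace -f -o FILE` format (not real proctool output).
SAMPLE = r'''
4101 execve("/usr/bin/cc", ["cc", "-c", "main.c"], 0x7ffc0a1 /* 9 vars */) = 0
4101 openat(AT_FDCWD, "main.c", O_RDONLY|O_NOCTTY) = 3
4101 openat(AT_FDCWD, "missing.h", O_RDONLY) = -1 ENOENT (No such file or directory)
4102 execve("/usr/bin/as", ["as", "-o", "main.o"], 0x7ffc0b2 /* 9 vars */) = 0
4102 openat(AT_FDCWD, "main.o", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
4102 openat(AT_FDCWD, "/tmp/cc.log", O_RDWR|O_APPEND) = 4
4102 rename("main.o", "out.o") = 0
'''

# PID, syscall name, argument text, numeric return value.
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument, escapes allowed

def trace_artifacts(text):
    """Return ({pid: {"exec": [...], "read": [...], "write": [...]}}, ignored syscalls)."""
    result = defaultdict(lambda: {"exec": [], "read": [], "write": []})
    ignored = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines, signal notices, "<unfinished ...>" fragments
        pid, call, args, ret = int(m["pid"]), m["call"], m["args"], int(m["ret"])
        if call not in ("openat", "execve"):
            ignored.add(call)  # e.g. rename: the artifact moves without being traced
            continue
        path = PATH.search(args)
        if ret < 0 or not path:
            continue  # a failed call produced or consumed no artifact
        if call == "execve":
            result[pid]["exec"].append(path[1])
        elif re.search(r'\bO_(WRONLY|RDWR)\b', args[path.end():]):
            result[pid]["write"].append(path[1])
        else:
            result[pid]["read"].append(path[1])
    return dict(result), ignored

if __name__ == "__main__":
    arts, ignored = trace_artifacts(SAMPLE)
    print(arts, "ignored:", sorted(ignored))
```

The ignored set makes the syscall limitation concrete: the rename in the sample changes where the output artifact lives, but a tracer restricted to openat and execve never records it.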